nathan/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-06-05 21:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d90a8da39fec118e6342766f1359e1fa2bce86ba
nixpkgs/.github/workflows/bot.yml
dependabot[bot] d90a8da39f .github: Bump actions/checkout from 6.0.2 to 6.0.3 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-05 11:22:54 +00:00

131 lines
4.9 KiB
YAML
Raw Blame History

# WARNING:
# When extending this action, be aware that $GITHUB_TOKEN allows some write
# access to the GitHub API. This means that it should not evaluate user input in
# a way that allows code injection.
name: Bot
on:
schedule:
# Run every 10m
# i.e., at each of the listed minutes, every hour
- cron: '05,15,25,35,45,55 * * * *'
workflow_call:
inputs:
headBranch:
required: true
type: string
secrets:
NIXPKGS_CI_APP_PRIVATE_KEY:
required: true
workflow_dispatch:
concurrency:
# This explicitly avoids using `run_id` for the concurrency key to make sure that only
# *one* scheduled run can run at a time.
group: bot-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number }}
# PR-triggered runs will be cancelled, but scheduled runs will be queued.
cancel-in-progress: ${{ github.event_name != 'schedule' }}
# This is used as fallback without app only.
# This happens when testing in forks without setting up that app.
permissions:
issues: write # managing issue labels and comments
pull-requests: write # managing pull request labels and comments
defaults:
run:
shell: bash
jobs:
run:
runs-on: ubuntu-slim
if: github.event_name != 'schedule' || github.repository_owner == 'NixOS'
env:
# TODO: Remove after 2026-03-04, when Node 24 becomes the default.
# https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
sparse-checkout: |
ci/github-script
- name: Install dependencies
run: npm install @actions/artifact@6.2.1 bottleneck@2.19.5
# Use a GitHub App, because it has much higher rate limits: 12,500 instead of 5,000 req / hour.
- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
if: github.event_name != 'pull_request' && vars.NIXPKGS_CI_CLIENT_ID
id: app-token
with:
client-id: ${{ vars.NIXPKGS_CI_CLIENT_ID }}
private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
permission-administration: read
permission-contents: write
permission-issues: write
permission-members: read
permission-pull-requests: write
- name: Log current API rate limits
env:
GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
run: gh api /rate_limit | jq
- name: Run bot
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
with:
github-token: ${{ steps.app-token.outputs.token || github.token }}
retries: 3
script: |
require('./ci/github-script/bot.js')({
github,
context,
core,
dry: context.eventName == 'pull_request'
})
- name: Log current API rate limits
env:
GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
run: gh api /rate_limit | jq
- uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0
name: Labels from touched files
if: |
github.event_name == 'pull_request_target' &&
!contains(fromJSON(inputs.headBranch).type, 'development')
with:
repo-token: ${{ steps.app-token.outputs.token || github.token }}
configuration-path: .github/labeler.yml # default
sync-labels: true
- uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0
name: Labels from touched files (no sync)
if: |
github.event_name == 'pull_request_target' &&
!contains(fromJSON(inputs.headBranch).type, 'development')
with:
repo-token: ${{ steps.app-token.outputs.token || github.token }}
configuration-path: .github/labeler-no-sync.yml
sync-labels: false
- uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0
name: Labels from touched files (development branches)
# Development branches like staging-next, haskell-updates and python-updates get special labels.
# This is to avoid the mass of labels there, which is mostly useless - and really annoying for
# the backport labels.
if: |
github.event_name == 'pull_request_target' &&
contains(fromJSON(inputs.headBranch).type, 'development')
with:
repo-token: ${{ steps.app-token.outputs.token || github.token }}
configuration-path: .github/labeler-development-branches.yml
sync-labels: true
- name: Log current API rate limits
env:
GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
run: gh api /rate_limit | jq
Reference in New Issue View Git Blame Copy Permalink